How your file uploads may get hacked?

In this blog post we will cover the most important file input validation techniques on the web, some attacks against them, and highlight the importance of sanitizing data sent by the end user with a case study.

Can you be a Hero in IT? – Lessons from real customer stories (2nd part)

In the first part of our article, we looked for the answer to the question above, went behind the scenes of an investigation and crisis management, adventured into the unknown, and learned what it’s like to have to deal with language differences in a project. In conclusion, we found that in many cases what makes you a hero is not being afraid to roll up your sleeves when you have the chance to prove yourself.

In this second part, focusing mainly on the inner workings, we bring you some more stories.

How did we resolve a performance issue related to i18n?

When you start to plan the pillars of your application, one topic you should consider is region support. If you don’t want to support multiple languages, it’s very simple: every text can be stored statically, and you don’t need to care about it later. But what if you want to support multiple regions and languages? Before implementation, you need to answer some related questions: How do you store the static texts? What about dynamic content? There are many solutions on the internet for the first part, but the second one is much more interesting. One of our customers decided to handle all of this with a relational database. This is not the worst idea, but not the best either. When you store multilingual content in relational tables, you need a careful and very precise design of your entities, because it can quickly become a pitfall.

Log4j2 RCE and exploitation example (CVE-2021-44228)

What is CVE-2021-44228?

In the first half of December 2021, ransomware attackers received the perfect Santa gift: an easily exploitable Log4j2 vulnerability. Log4j is a widely used, Java-based logging utility initially published by Apache in 2001. Since then it has received many updates and a major release, version 2. As of today, the latest patched version is 2.16.0 (December 13).

In this post we use this flaw to open a shell on our target machine.

Startup product development risks from technical aspects

Do you have the perfect product idea, a unique and innovative approach, know your potential competitors, and are convinced you can do better? Do you have ideas about how to break into the market, ideas about marketing and sales, but IT development is not your thing? You’re not alone. We’ve recently been talking to a number of similar startup owners and entrepreneurs across Europe, some of whom we’ve helped to turn their ideas into reality from a development perspective. Many think that they can cover the development part of bringing a product to market by hiring one or two (up to four or five, maybe more) programmers and hoping that they will answer all the technical questions. Even if the best developers in the world have been recruited for the task, it will not be that simple and smooth: there are many pitfalls that can hinder the market launch, most of which can be avoided by conscious planning and preparation. In this post, we will try to gather some of the key, mainly IT-related aspects that are typically missing from business visions and that, apart from writing the source code, will be necessary for the IT and hence business launch of a successful product.

How to have an effective 1on1, and why is it important?

As a manager, have you ever reorganised your meetings to make more efficient use of your already limited time, to fit that sales presentation, engineering briefing or management coffee in? Can you recall how easy it is to reschedule that certain 1on1 with Peter – “it’ll be fine in three days, won’t it”? Or did you just cancel one, because “we just talked three weeks ago, he’s working, he’s improving, I don’t see a problem, let’s talk next time”? It happened to me several times, but after a while, after a series of realisations, I really tried hard to treat 1on1s the way we all should: as one of the most important development and confidence-building opportunities - not only from a managerial point of view, but also as an employee. What’s worth knowing about this topic?

How can feature flagging help you during release and customer experiments?

Have you ever been in a situation as a project manager, business owner or product owner on a project or in an organisation, when a major change you had been waiting for so long was deployed to production for an application you were responsible for, and what worked perfectly yesterday is now broken, but you couldn’t intervene? Are you familiar with the term rollback, when you shouldn’t have to be? Perhaps you developed new functions with the IT guys, but when you went live, you couldn’t make sure everything was functioning properly before opening it to the full audience of customers?

Have you ever done market segmentation as a marketing expert, but it never occurred to you that the app could be used to target specific users, and display differently to some groups than to others? Did you want to try something new, but weren’t sure if it would have the same effect that you expected? Has IT supported A/B testing so far?

As a developer or operator, have you ever not slept the night after a release, because it was impossible to turn off non-operable features, systems were slow to revert to their previous state, or there were interdependencies between pieces of code such that only a full revert helped, losing all the new features? Have you ever missed proper testing? Has it taken days to do a sweaty merge after months of development on several different branches, even after following some well-written strategy like Gitflow?

Feature flagging is not the Holy Grail, but it can be very helpful for all involved stakeholders in the software development life cycle.

Can you be a Hero in IT? - Lessons from real customer stories

Take a dose of enthusiasm! Add a dash of conscientiousness, then spice it up with a little persistence and curiosity! Mix it up and you’re done! Is the recipe for “heroism” that simple? :)

Who is the hero in IT today? Let’s be honest, in recent years the word itself has become a bit trite and overused in the IT sector (too), but that doesn’t mean that those who stand out from the crowd with their attitude and professionalism have disappeared. They do exist, but they do not advertise themselves over and over again.

Guidance for mentors, mentees, and companies planning the introduction of a mentoring program

The mentor is not a substitute for Google, while the mentee has a hard time swimming with a holey life jacket. What should you do and not do, and what should you pay attention to, while you are a mentor? And what should you focus on if a mentoring program is planned to be introduced at your company?

You have just finished a 1.5-year software development bootcamp, or got your degree and graduated from university. You should see a bunch of opportunities in front of you, yet you enter the first job of your life with trembling legs, or, right after a career change, gain experience in a completely different environment than before. You are committed, but also full of questions and doubts. At your new company, they point to an experienced colleague and say (s)he is the one you can turn to and talk to if you have questions or in case of any professional uncertainty: (s)he will be your mentor. Do you calm down, or are you even more nervous?
